The Default Privacy Rule

The Fourth Amendment forbids “unreasonable” searches and seizures by the government. In most circumstances, the Fourth Amendment requires that government agents obtain a warrant from a judge by presenting preliminary evidence establishing “probable cause” to believe that the thing to be searched or seized likely contains evidence of illegal activity before the officer is authorized to search.

The Border Search Exception

Unfortunately, the Supreme Court has sanctioned a “border search exception” to the probable cause warrant requirement on the theory that the government has an interest in protecting the “integrity of the border” by enforcing the immigration and customs laws. As a result, “routine” searches at the border do not require a warrant or any individualized suspicion that the thing to be searched contains evidence of illegal activity.

The Exception to the Exception: “Non-Routine” Searches

But the border search exception is not without limits. As noted, this exception only applies to “routine” searches, such as those of luggage or bags presented at the border. “Non-routine” searches – such as searches that are “highly intrusive” and impact the “dignity and privacy interests” of individuals, or are carried out in a “particularly offensive manner” – must meet a higher standard: individualized “reasonable suspicion.” In a nutshell, that means border agents must have specific and articulable facts suggesting that a particular person may be involved in criminal activity. For example, the Supreme Court held that disassembling a gas tank is “routine” and so a warrantless and suspicionless search is permitted. However, border agents cannot detain a traveler until they have defecated to see if they are smuggling drugs in their digestive tract unless the agents have a “reasonable suspicion” that the traveler is a drug mule.

Border Searches of Digital Devices

How does this general framework apply to digital devices and data at the border? Border agents argue that the border search exception applies to digital searches. We think they are wrong. Given that digital devices like smartphones and laptops contain highly personal information and provide access to even more private information stored in the cloud, the border search exception should not apply. As Chief Justice Roberts recognized in a 2014 case, Riley v. California:

Modern cell phones are not just another technological convenience. With all they contain and all they may reveal, they hold for many Americans the privacies of life.

Snooping into such privacies is extraordinarily intrusive, not “routine.” Thus, when the government asserted the so-called “incident to arrest” exception to justify searching a cell phone without a warrant during or immediately after an arrest, the Supreme Court called foul. Why is the Riley decision important at the border? For one thing, the “incident to arrest” exception that the government tried to invoke is directly comparable to the border search exception, because both are considered “categorical” exemptions. Given that the intrusion is identical in both instances, the same privacy protections should apply. Moreover, with the ubiquity of cloud computing, a digital device serves as a portal to highly sensitive data, where the privacy interests are even more significant. Following Riley, we believe that any border search of a digital device or data in the cloud is unlawful unless border agents first obtain a warrant by showing, to a judge,in advance, that they have probable cause to believe the device (or cloud account) likely contains evidence of illegal activity. However, lower courts haven’t quite caught up with Riley. For example, the Ninth Circuit held that border agents only need reasonable suspicion of illegal activity before they could conduct a non-routine forensic search of a traveler’s laptop, aided by sophisticated software. Even worse, the Ninth Circuit also held that a manual search of a digital device is “routine” and so a warrantless and suspicionless search is still “reasonable” under the Fourth Amendment. Some courts have been even less protective. Last year a court in the Eastern District of Michigan upheld a computer-aided border search of a traveler’s electronic devices that lasted several hours without reasonable suspicion. EFF is working hard to persuade courts (and border agents) to adopt the limits set forth in the Riley decision for border searches of cellphones and other digital devices. In the meantime, what should you do to protect your digital privacy? Much turns on your individual circumstances and personal risk assessment. The consequences for non-compliance with a command from a CBP agent to unlock a device will be different, for example, for a U.S. citizen versus a non-citizen. If you are a U.S. citizen, agents must let you enter the country eventually; they cannot detain you indefinitely. If you are a lawful permanent resident, agents might raise complicated questions about your continued status as a resident. If you are a foreign visitor, agents may deny you entry entirely. We recommend that everyone conduct their own threat model to determine what course of action to take at the border. Our in depth Border Search Whitepaper offers you a spectrum of tools and practices that you may choose to use to protect your personal data from government intrusion. For a more general outline of potential practices, see our pocket guides to Knowing Your Rights and Protecting Your Data at the Border.

Related Updates

This summer 143 million Americans had their most sensitive information breached, including their name, addresses, social security numbers (SSNs), and date of birth. The breach occurred at Equifax, one of the three major credit reporting agencies that conducts the credit checks relied on by many industries, including landlords, car lenders...

EFF sent California Gov. Jerry Brown a letter urging him to sign S.B. 31. This bill, authored by Sen. Ricardo Lara, would prevent state and local government in California from assisting the federal government in creating a registry based on religious belief, national origin, or ethnicity. All too...

In April 2017, Terry Spears shared his story with San Diego’s local public media station KPBS on what it’s like to be listed in the CalGang database. Even though Mr. Spears says he has never been in a gang, it hasn’t stopped law enforcement from harassing him, and he once...

Because the global Internet carries data acrossinternationalborders, police often seek digital evidence stored in another country. To obtain such cross-border data, police generally must gain approval from the government whose territory hosts the data, under an international web of Mutual Legal Assistance Treaties (MLATs)...

Since 2014, our digital security guide, Surveillance Self-Defense (SSD), has taught thousands of Internet users how to protect themselves from surveillance, with practical tutorials and advice on the best tools and expert-approved best practices. After hearing growing concerns among activists following the 2016 US presidential election, we pledged...

In the dead of night, the California Legislature shelved legislation that would have protected every Internet user in the state from having their data collected and sold by ISPs without their permission. By failing to pass A.B. 375, the legislature demonstrated that they put the profits of Verizon, AT&T, and...

As the days wind down for the California legislature to pass bills, transparency advocates have seen landmark measures fall by the wayside. Without explanation, an Assembly committee shelved legislation that would have shined light on police use of surveillance technologies, including a requirement that police departments seek approval from...

Now that California’s Broadband Privacy Bill, A.B. 375, is headed for a final vote in the California legislature, Comcast, Verizon, and all their allies are pulling out all the stops to try to convince state legislators to vote against the bill. Unfortunately, that includes telling legislators about made-up problems the...

Boston, Massachusetts—The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) sued the Department of Homeland Security (DHS) today on behalf of 11 travelers whose smartphones and laptops were searched without warrants at the U.S. border. The plaintiffs in the case are 10 U.S. citizens and...